/ TEHTRIS DR
TEHTRIS DECEPTIVE RESPONSE and its honeypots simulate fake machines and services in order to fool intruders.
A preventive and efficient real-time alarm system
TEHTRIS Deceptive Response (honeypots) provides an effective alarm system in real-time, ahead of intrusions, adding a complementary view to the security of your systems and infrastructures. By adding false resources to your network, these sensors lure attackers and provide you with reports and event dashboards.
Reveal the presence of a malicious actor
Unlike products that have to shuffle through billions of data with the risk of generating false alarms, TEHTRIS Deceptive Response will only be solicited when it is being interacted with. No one is usually supposed to play with or attack these fake machines that are not officially present on the network for production purposes.
An additional difficulty for hackers
When a hacker targets a network secured by TEHTRIS Deceptive Response, he may fall on the fake machines (decoys), triggering an alarm. The hacker does not have time to make mistakes, as it will complicate his internal exploration sessions and his lateral movements.
Why TEHTRIS Deceptive Response?
At the network level, TEHTRIS Deceptive Response can cover all VLANs in a network zone without the need to manually deploy a fake device in each VLAN.
TEHTRIS Deceptive Response does not modify systems in production. It simply adds fake machines, without disrupting existing elements.
TEHTRIS Deceptive Response includes a fleet of honeypots natively integrated to the TEHTRIS XDR Platform with SOAR, CTI, Hunting, Compliance, Incident Management, etc.
TEHTRIS Deceptive Response runs on appliances using TEHTRIX distribution, that are fully disk encrypted, with advanced protection mechanisms such as RBAC in the kernel and 0-day protection.
TEHTRIS Deceptive Response does not modify systems in production, simply adding fake machines, without the risk of disrupting existing elements.
The co-founder of TEHTRIS has been creating honeypots for over 20 years. He has been invited by armies and intelligence services around the world, to discuss his studies related to counterattacks or dynamic and proportional incident response systems.
Perfectly integrated inside the XDR Platform
When it comes to cybersecurity, orchestrating events and reacting to threats effectively and quickly is a fundamental challenge. One of the best ways to do this is with powerful automation and artificial intelligence. That’s what TEHTRIS offers with its SOAR integrated with the TEHTRIS XDR Platform.
Discover how we create hyper automation !
MITRE ATT&CK compliance
MITRE ATT&CK is a knowledge base with a model of the behavior of a cyber attacker, reflecting the different phases of the attack life cycle according to the targeted platforms: Windows, Mac, Linux, mobile, etc.
day to deploy TEHTRIS Deceptive Response
important alerts each month
interactions monitored worldwide annually by TEHTRIS honeypots
Preserve the sovereignty and integrity of your data.
With a European hosting, TEHTRIS offers you the best guarantees of sovereignty over your data. Detect silent intrusion campaigns and regain control over all attack vectors.
What features does TEHTRIS Deceptive Response offer?
TEHTRIS Deceptive Response covers all network layers from Level 3 to Level 7, providing the ability for attackers to interact remotely, using fake machines. We thus offer network level (IP+ICMP, TCP, UDP) and application level fake layers to simulate SSH access, Web, Windows services and so on.
How is TEHTRIS Deceptive Response deployed?
TEHTRIS Deceptive Response is very simple to deploy, by setting up each virtual appliance dedicated to your business, at the heart of your infrastructure. A simple boot of our installation ISO, and 4 basic answers later, you get your own honeypots that are installed on your network, with the knowledge that the whole service is remotely operated by TEHTRIS in SaaS mode.
What is a honeypot and why should I deploy one?
What are the interaction levels of the decoys proposed in TEHTRIS Deceptive Response?
Where should TEHTRIS Deceptive Response probes be placed?
What actions are monitored by TEHTRIS Deceptive Response?
How can we read the actions performed by intruders with TEHTRIS Deceptive Response?
What are the alerts raised by TEHTRIS Deceptive Response?
We have all TCP/IP interactions that are notified, as well as high interactions with specific decoys like SSH, Web or even Windows parts. For some interactions, TEHTRIS Deceptive Response users particularly appreciate being able to watch the hacker on video. For SSH, you can follow all typed commands step by step to understand the level, motivations, goals, and tools used. This gives us a rather original and unique way to track hackers.
How does the inventory service work?
As TEHTRIS Deceptive Response is deployed on a sensitive area, we listen to the available local flows, beyond the Unicast flows that we receive, and we build a vision of the neighboring machines in CMDB mode. This is not the main function of TEHTRIS Deceptive Response, but it is very useful for us to know where a laptop was connected for the first time, in which factory, on which VLAN, and above all for what purpose.
News about TEHTRIS DECEPTIVE RESPONSE
* © 2020 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
** Gartner and Market Guide are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner Innovation Insight for Unified Endpoint Security,Rob Smith, Dionisio Zumerle,12th November 2020,
Gartner Market Guide for Mobile Threat Defense,Dionisio Zumerle, Rob Smith,29th March 2021,
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.